
Deployment and Optimization of Linux Common Services

2025-01-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

3.1 NFS deployment and optimization-1

NFS = network file system

Suppose three machines A, B and C need to access the same directory, which is full of pictures. The traditional practice is to keep a copy of the pictures on each of A, B and C. With NFS you only need to put them on A, and A shares the directory with B and C; B and C then access the directory on A over the network. This gives simple access to remote files.

Install NFS

yum install -y nfs-utils

First create a simple NFS server

vim /etc/exports

Write down:

/mnt 192.168.137.0/24(rw,sync,all_squash,anonuid=501,anongid=501)

This shares the directory /mnt with the 192.168.137.0/24 network segment. rw makes it readable and writable, sync writes changes synchronously, all_squash maps every client user to the anonymous user, and anonuid/anongid set that user's uid and gid to 501. (no_root_squash leaves the client's root as root.) (ls -l /opt)

:wq

Start the NFS service

/etc/init.d/rpcbind start

/etc/init.d/nfs start

Mount nfs on the client

yum install -y nfs-utils

showmount -e 192.168.137.10  # 192.168.137.10 is the server's IP; lists the directories that IP shares and the network segment or address each is shared with

Mount the server's nfs on the client

mount -t nfs 192.168.137.10:/mnt /opt  # mount to /opt

df -h  # view shared directories

Modifying the contents of /opt on the client may fail with a permission error.

Change the permission of /mnt to 777 on the server (because all_squash maps every client to uid and gid 501, giving that uid ownership of /mnt is a narrower alternative to mode 777)

chmod 777 /mnt

3.2 NFS deployment and optimization-2

/etc/init.d/nfs restart  # restart nfs

exportfs -arv  # re-export everything in /etc/exports without restarting the service

umount /opt/  # unmount

mount -t nfs -o nolock,nfsvers=3 192.168.137.10:/mnt /opt  # optimized mount
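
The export line above is sensitive to one space: in /etc/exports, options written as "host(opts)" apply to that host, while "host (opts)" gives the host the defaults and applies the options to every client. The following check is an added example, not part of the original article; the function name audit_exports, the finding labels and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report risky client specs in /etc/exports-style text on stdin.
# Output: one "<dir> <host> <FINDING>" line per finding; no output means none.
audit_exports() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      dir = $1
      for (i = 2; i <= NF; i++) {
        host = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                             # split "host(opt,opt)" at the parenthesis
          host = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        # "(opts)" with no host in front, or "*", applies to every client
        if (host == "" || host == "*") {
          host = "(any)"
          print dir, host, "ANY_HOST"
        }
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++)
          if (o[j] == "no_root_squash") print dir, host, "NO_ROOT_SQUASH"
      }
    }'
  return 0
}

# Constructed sample: the entry from this page, then a variant with a stray space.
sample_exports='/mnt 192.168.137.0/24(rw,sync,all_squash,anonuid=501,anongid=501)
/mnt 192.168.137.0/24 (rw,sync,no_root_squash)'

printf '%s\n' "$sample_exports" | audit_exports
```

On a server, run it as audit_exports < /etc/exports before exportfs -arv.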

3.3 pureftp deployment and optimization-1

FTP = file transfer protocol

Can be used on windows or linux systems

Uploads or downloads files between servers

Software: pure-ftpd

Download pure-ftpd

cd /usr/local/src/

wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.42.tar.bz2

Install pure-ftpd

tar jxf pure-ftpd-1.0.42.tar.bz2

cd pure-ftpd-1.0.42

./configure --prefix=/usr/local/pureftpd --without-inetd --with-altlog --with-puredb --with-throttling --with-peruserlimits --with-tls

make

make install

Modify the configuration file

mkdir -p /usr/local/pureftpd/etc/  # directory where the configuration file lives

cd configuration-file

cp pure-ftpd.conf /usr/local/pureftpd/etc/pure-ftpd.conf

cp pure-config.pl /usr/local/pureftpd/sbin/pure-config.pl

chmod 755 /usr/local/pureftpd/sbin/pure-config.pl

vim /usr/local/pureftpd/etc/pure-ftpd.conf

Delete all

Add

ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous no
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
LimitRecursion 3136 8
AnonymousCanCreateDirs no
MaxLoad 4
AntiWarez yes
Umask 133:022
MinUID 100
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload no
PIDFile /usr/local/pureftpd/var/run/pure-ftpd.pid
MaxDiskUsage 99
CustomerProof yes

:wq

Set up an account

mkdir /tmp/ftp

chown -R user3 /tmp/ftp  # user3 is the system user the FTP account maps to

/usr/local/pureftpd/bin/pure-pw useradd ftp_user1 -u user3 -d /tmp/ftp/

Type in the password

/usr/local/pureftpd/bin/pure-pw mkdb  # create the user information database file

/usr/local/pureftpd/bin/pure-pw list  # list the current accounts

/usr/local/pureftpd/bin/pure-pw userdel ftp_user2  # command to delete an account

/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf  # start pure-ftpd

3.4 pureftp deployment and optimization-2

Test pure-ftpd

Client

yum install -y lftp

lftp ftp_user1@127.0.0.1  # account@server IP; enter the account's password to log in

touch /tmp/ftp/123.txt

ls

get 12.txt  # download the file 12.txt

Files can also be uploaded to the server.

lftp ftp_user1@127.0.0.1  # account@server IP; enter the account's password to log in

put 12.txt  # upload the file

The command ftp 127.0.0.1 also logs in to ftp; it works a little differently from lftp

To use ftp under windows, install ftp software

3.5 vsftp deployment and optimization-1

vsftp is the ftp software that comes with centos

Install vsftp

yum install -y vsftpd

/etc/init.d/vsftpd start  # start

(If startup fails, port 21 may already be in use.

netstat -lnp  # view ports

If port 21 is found to be occupied by another process, stop that process:

killall pure-ftpd)

Client login

lftp user1@127.0.0.1

You can cd to any directory without restriction, which is very dangerous.

vim /etc/vsftpd/vsftpd.conf  # open the configuration file

Delete the # before chroot_local_user=YES

/etc/init.d/vsftpd restart

lftp user1@127.0.0.1

cd /etc

This no longer works; access is restricted.

pwd

ls

Only the current directory can be accessed

3.6 vsftp deployment and optimization-2

Create a virtual user

useradd virftp -s /sbin/nologin

vim /etc/vsftpd/vsftpd_login

test1 (account)

111222aaa (password)

test2 (account)

aaa111ddd (password)

:wq

chmod 600 /etc/vsftpd/vsftpd_login

Create the binary database file

db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db

Create a virtual account

mkdir /etc/vsftpd/vsftpd_user_conf

cd /etc/vsftpd/vsftpd_user_conf

vim test1

local_root=/home/virftp/test1
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=50000

:wq

Create the home directory for test1 named in the configuration file

mkdir /home/virftp/test1

chown -R virftp:virftp /home/virftp/test1

Modify the authentication file

vim /etc/pam.d/vsftpd

Add two lines at the beginning

auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

:wq

Modify vsftpd.conf

vim /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
nopriv_user=vsftpd
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to FTP service.
listen=YES
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES

Add on the last line

tcp_wrappers=YES
guest_enable=YES
guest_username=virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf

:wq

Start the vsftpd service

/etc/init.d/vsftpd start

lftp test1@127.0.0.1

Login from a browser

ftp://127.0.0.1
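
The login file above defines test1 and test2, but only test1 gets a file under user_config_dir. A virtual user without its own local_root is placed in the home directory of the guest account (assuming vsftpd's default behaviour for guest_username=virftp), which here is the parent of test1's directory. The check below is an added example, not part of the original article; the function name check_virtual_users and the finding labels are assumptions, and the demo files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: sanity-check a vsftpd virtual-user setup before running db_load.
# $1 = plain-text login file (user and password on alternating lines)
# $2 = user_config_dir holding one file per virtual user
check_virtual_users() {
  login_file=$1
  conf_dir=$2
  # Group/other permission bits of the clear-text password file must all be off.
  mode=$(ls -ld "$login_file" | cut -c5-10)
  [ "$mode" = "------" ] || echo "LOOSE_PERMS $login_file"
  # Odd lines are user names, even lines are passwords.
  awk '
    NR % 2 == 1 { user = $0
                  if (user == "") print "EMPTY_USER line " NR
                  else if (seen[user]++) print "DUPLICATE_USER " user
                  next }
    $0 == ""    { print "EMPTY_PASSWORD " user }
    END         { if (NR % 2 == 1) print "MISSING_PASSWORD " user }
  ' "$login_file"
  # Each user needs its own file with a local_root, otherwise it shares the
  # guest account home with every other virtual user.
  awk 'NR % 2 == 1 && $0 != ""' "$login_file" | sort -u |
  while IFS= read -r user; do
    if [ ! -f "$conf_dir/$user" ]; then
      echo "NO_USER_CONF $user"
    elif ! grep -q '^local_root=' "$conf_dir/$user"; then
      echo "NO_LOCAL_ROOT $user"
    fi
  done
  return 0
}

# Constructed demo mirroring the page: two accounts, per-user file only for test1.
demo_dir=$(mktemp -d)
printf 'test1\n111222aaa\ntest2\naaa111ddd\n' > "$demo_dir/vsftpd_login"
chmod 600 "$demo_dir/vsftpd_login"
mkdir "$demo_dir/vsftpd_user_conf"
echo 'local_root=/home/virftp/test1' > "$demo_dir/vsftpd_user_conf/test1"
check_virtual_users "$demo_dir/vsftpd_login" "$demo_dir/vsftpd_user_conf"
rm -rf "$demo_dir"
```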

3.7 samba deployment and optimization-1

Network administrators use samba a lot.

It lets windows access directories shared from Linux.

Install samba

yum install -y samba samba-client

vim /etc/samba/smb.conf  # configuration file

3.8 samba deployment and optimization-2

Samba practice

1. Share a read-only directory that anyone can access without entering a user name and password

vim /etc/samba/smb.conf

security = share

workgroup = WORKGROUP

Add a section at the end

[aming]
comment = share all
path = /tmp/sambadir
browseable = yes
public = yes
writable = no

:wq

/etc/init.d/smb start  # start

mkdir /tmp/sambadir  # create the directory

cp /etc/passwd /tmp/sambadir/1.txt

mkdir /tmp/sambadir/test

chmod 777 /tmp/sambadir/test

Access the files and directories of the samba share under windows

Open the Run dialog

Enter \\192.168.11.160

Open the share to see the test directory and the copied contents of /etc/passwd; the test directory is not writable

Access samba under linux

smbclient //192.168.11.160/aming

Press Enter

ls

Another way: mount the share

yum install -y cifs-utils

mount -t cifs //192.168.11.160/aming /opt/

df -h

cd /opt/

ls

3.9 samba deployment and optimization-3

Practice 2: share a directory that can only be accessed after logging in with a user name and password, and that is readable and writable.

vim /etc/samba/smb.conf

Delete the whole [aming] section that was added at the end.

security = user

Add a section at the end

[aminglinux]
comment = share for users
path = /tmp/sambadir
browseable = yes
writable = yes
public = no

:wq

Create users and passwords

useradd smbuser1  # create the system user

pdbedit -a smbuser1  # add the samba user

/etc/init.d/smb restart

Testing under linux

smbclient //192.168.11.160/aminglinux/ -U smbuser1

ls

Testing under windows

Open the Run dialog

\\192.168.11.160\aminglinux

Account: smbuser1

Mount method

mount -t cifs -o username=smbuser1,password=password //192.168.11.160/aminglinux /opt/  # password= takes the account's password

df -h

ls

4.0 Introduction to squid service

Squid proxy, × × ×

CDN cache, speed-up

Squid is well-known proxy software. It runs not only on linux but also on windows and Unix, and its technology is very mature. Squid is currently very widely used. Compared with other proxy software under Linux, such as Apache, Socks, TIS FWTK and delegate, Squid is easy to download and install, simple and flexible to configure, and supports caching and multiple protocols.

Squid is used so much because of its cache function. The Squid cache not only saves valuable bandwidth but also greatly reduces the server's I/O. From an economic point of view, it plays an indispensable role in the architecture of many websites.

Squid can be used not only as a forward proxy but also as a reverse proxy. As a forward proxy, the clients sit behind Squid, and whatever they want to reach on the network has to go through Squid. When a user (client) wants a home page, it sends the request to Squid and asks Squid to fetch it; Squid connects to the website, requests the home page, and sends it to the user while keeping a copy. When other users request the same page, Squid immediately sends them the saved copy, which feels quite fast to the user. A forward proxy requires some settings on the client, namely the proxy we usually set in the IE options. As a reverse proxy, the servers of a site sit behind Squid. When a client requests the site, the request first goes to Squid, and Squid then handles the user's request. A-Ming teaches you a very easy distinction: with a forward proxy, the clients are behind Squid and surf the Internet through Squid; with a reverse proxy, the servers are behind Squid and the data they return to users has to go through Squid.

You may ask when to configure a forward proxy and when to configure a reverse proxy. A-Ming's view is that forward proxies are used in the office environment of enterprises, where employees surf the Internet through the Squid proxy, which saves network bandwidth. The reverse proxy is used to build a caching server for a website's static items (pictures, html, streaming media, js, css, etc.) and is part of the website architecture.

4.1 squid forward proxy

Installation

yum install -y squid

vim /etc/squid/squid.conf

Delete the # before cache_dir (the cache directory)

On the line after cache_dir, add

cache_mem 28 MB

On the line after refresh_pattern, add

refresh_pattern \.(jpg|png|gif|mp3|mp4|js) 1440 20% 2880 ignore-reload

Add on the next line

visible_hostname aminglinux.com

:wq

/etc/init.d/squid start  # start

netstat -lnp  # squid listens on port 3128

Curl test

curl -x127.0.0.1:3128 www.baidu.com -I  # uppercase I

Browser testing

Tools -- Internet Options -- Connections -- LAN Settings -- Advanced

192.168.11.160 3128

The web page can be visited

Set access restrictions

After the last acl line, add

acl http proto HTTP
acl good_domain dstdomain .baidu.com
http_access allow good_domain
http_access deny !good_domain

(Whitelist: only baidu.com can be accessed. For a blacklist, use bad_domain.)

:wq

squid -k check  # check the configuration file for errors

squid -k reconfigure  # reload

Curl test
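
Squid evaluates http_access lines top to bottom and the first line whose ACL matches decides; if no line matches, the result is the opposite of the last line. The position of the two whitelist rules relative to the other http_access lines in squid.conf therefore matters. The model below is an added example, not part of the original article and not Squid's own code: it handles only dstdomain ACLs, the built-in "all", and one ACL per http_access line, and the function name squid_decision is an assumption.

```shell
#!/bin/sh
# Added example: simplified model of how Squid walks http_access rules.
# Handles only dstdomain ACLs, "all", and one ACL per http_access line.
# $1 = squid.conf-style file, $2 = destination host; prints allow or deny.
squid_decision() {
  awk -v dom="$2" '
    function in_acl(name,    n, i, pat, p) {
      n = split(acl[name], pat, " ")
      for (i = 1; i <= n; i++) {
        p = pat[i]
        if (substr(p, 1, 1) == ".") {          # ".x.com" = x.com and its subdomains
          if (dom == substr(p, 2)) return 1
          if (length(dom) > length(p) &&
              substr(dom, length(dom) - length(p) + 1) == p) return 1
        } else if (dom == p) return 1
      }
      return 0
    }
    BEGIN { dom = tolower(dom) }
    $1 == "acl" && $3 == "dstdomain" {
      for (i = 4; i <= NF; i++) acl[$2] = acl[$2] " " tolower($i)
      next
    }
    $1 == "http_access" && !done {
      name = $3; neg = 0
      if (substr(name, 1, 1) == "!") { neg = 1; name = substr(name, 2) }
      if (name == "all") m = 1
      else if (name in acl) m = in_acl(name)
      else next                                 # ACL type outside this model
      if (neg) m = !m
      last = $2
      if (m) { print $2; done = 1 }            # first matching rule decides
    }
    END { if (!done) print (last == "deny" ? "allow" : "deny") }
  ' "$1"
}

# Constructed demo using the whitelist rules from this page.
conf=$(mktemp)
cat > "$conf" <<'EOF'
acl good_domain dstdomain .baidu.com
http_access allow good_domain
http_access deny !good_domain
EOF
for h in www.baidu.com baidu.com www.qq.com notbaidu.com; do
  echo "$h $(squid_decision "$conf" "$h")"
done
rm -f "$conf"
```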

4.2 squid reverse proxy

vim /etc/squid/squid.conf

Proxying Baidu

http_port 80 accel vhost vport

cache_peer 61.135.169.125 parent 80 0 originserver name=a
cache_peer_domain a www.baidu.com

(Baidu origin IP + port + domain name)

:wq

/etc/init.d/squid restart

curl -xlocalhost:80 http://www.baidu.com/  # works normally

curl -xlocalhost:80 http://www.qq.com/  # does not work

A reverse proxy is mainly used to cache static items, because many static items, especially pictures and streaming media, consume bandwidth. In China it is slow for Unicom users to access resources on the telecom network, and even slower for high-traffic pictures and streaming media. If you configure a squid reverse proxy on the Unicom network so that Unicom clients access the Unicom squid directly, these static items are already cached on squid, which greatly speeds up access. You may have heard of CDN; this is in fact how it is designed.

4.3 JDK installation in tomcat

Websites written in Java use jsp. Many websites are currently written in jsp, so parsing jsp requires suitable software. Tomcat is software used to parse jsp programs.

Tomcat is a lightweight application server, widely used in small and medium-sized systems and where there are not many concurrent users, and it is the first choice for developing and debugging JSP programs. A beginner can think of it this way: once an Apache server is configured on a machine, it can respond to requests for HTML pages. Tomcat is in effect an extension of the Apache server, but it runs independently, so when you run tomcat it runs as a separate process from Apache.

Install JDK

cd /usr/local/src/

wget http://www.aminglinux.com/bbs/data/p_w_upload/forum/jdk-6u23-linux-i586.bin

mv jdk1.6.0_23 /usr/local/

Set environment variables

vim /etc/profile

JAVA_HOME=/usr/local/jdk1.6.0_23/
JAVA_BIN=/usr/local/jdk1.6.0_23/bin
JRE_HOME=/usr/local/jdk1.6.0_23/jre
PATH=$PATH:/usr/local/jdk1.6.0_23/bin:/usr/local/jdk1.6.0_23/jre/bin
CLASSPATH=/usr/local/jdk1.6.0_23/jre/lib:/usr/local/jdk1.6.0_23/lib:/usr/local/jdk1.6.0_23/jre/lib/charsets.jar
export JAVA_HOME JAVA_BIN JRE_HOME PATH CLASSPATH

:wq

source /etc/profile  # after saving the file, make it take effect

java -version  # check whether the setting is correct

4.4 tomcat installation

Install Tomcat

cd /usr/local/src/

wget http://www.aminglinux.com/bbs/data/p_w_upload/forum/apache-tomcat-7.0.14.tar.gz

tar zxvf apache-tomcat-7.0.14.tar.gz

mv apache-tomcat-7.0.14 /usr/local/tomcat

cp -p /usr/local/tomcat/bin/catalina.sh /etc/init.d/tomcat

vim /etc/init.d/tomcat

Add the following starting at the second line

# chkconfig: 112 63 37
. /etc/init.d/functions
JAVA_HOME=/usr/local/jdk1.6.0_23/
CATALINA_HOME=/usr/local/tomcat

:wq

chmod 755 /etc/init.d/tomcat

chkconfig --add tomcat

chkconfig tomcat on

service tomcat start

ps aux | grep tomcat

Type http://192.168.11.160:8080 in the browser and you will see the main interface of tomcat

4.5 tomcat configuration and optimization

Set a domain name or change the listening port

vim /usr/local/tomcat/conf/server.xml
